Coding standards

[agcopley]

Hello Sugarfans,
I just wanted to bring to attention some rather dubious coding practices in Sugar that I have come across.
The most recent of which has been hiding content based on style display attributes particularly with reference to users and passwords.
Basically a reasonably computer-literate person can open a firebug-equiped browser, change the display settings inline and modify their security settings and preferences.
I am starting to see this in multiple places and it is not good practice. The bottom line is if you don't want content to be seen, don't send it to the browser.
I appreciate that there are circumstances for using this method but surely not where security is concerned.

Anyone else have an opinion or thoughts about this?

[JeffPGMT]

1. Might this be a better post in Features and/or Developer?
2. Pet peeves are rampant when things aren't going well...

a. Personally, I NEVER (well rarely) use queries in my web code, wrapper sProc(s) & params, that way incremental changes to business rules pertaining to the database remain in the database, okay I'm over it now and will look forward to inserting my queries where ever needed in php code, gosh I feel like an outlaw! Just kidding, I'll be using Sugar Logic most of the time.

b. Better documentation for what works, detailed - so that my grandmother could follow as such...

Feature overview, objective, uses and general steps; setup a user & role for each type of user then use the duplicate feature for each individual user...bla, blah
Step 1. Login as an admin...
Step 2. blah, blah...

If you're a power admin most likely just the feature overview will be enough being full & complete and you can get on with it; yet if you are new you'll also be able to follow the detailed steps where to click etc.

Cases in point...

Me like little: SugarCRM Developer Blog » Blog Archive » New in Sugar 6.5 – iCal support for Calendar
"The simpliest usage is to just put the URL on you account page right into the client of choice, as shown below:"

Choose the appropriate calendar server to Publish to your client calendar.
---------------------------------------------------------------------------|
Calendar Publishing Options:
---------------------------------------------------------------------------|
Publish vCal ... [Click To Copy]
Publish iCal ... [Click To Copy]
...

Me like more: SugarCRM iCal Patch

[agcopley]

Hi JeffPMGT,
Not really sure what you are talking about but here goes

1. Might this be a better post in Features and/or Developer? Well, its neither a Feature request or a Developer Tool/Hint so, no it wouldn't.
2. Pet peeves are rampant when things aren't going well... Its a QA issue and a security issue, but I guess these are pet peeves for some.